
4962 matches found

Tenable Nessus
added 2013/07/30 12:0 a.m. | 39 views

SuSE 10 Security Update : ruby (ZYPP Patch Number 8639)

Ruby failed to check hostnames correctly when setting up an SSL client connection. CVE-2013-4073 was assigned to this issue...

6.8 CVSS | 7.9 AI score | 0.02744 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2013/07/28 12:0 a.m. | 30 views

Mandriva Linux Security Advisory : ruby (MDVSA-2013:201)

A vulnerability has been discovered and corrected in ruby : A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers...

6.8 CVSS | 7.6 AI score | 0.02744 EPSS
Exploits: 0 | References: 2
Metasploit
added 2013/07/26 6:23 p.m. | 58 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can usually be found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by...

7.5 CVSS | 0.99449 EPSS
Exploits: 21
Mageia
added 2013/07/26 11:29 a.m. | 29 views

Updated ruby packages fix CVE-2013-4073

A vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via a valid certificate issued by a trusted certification authority (CVE-2013-4073)...

6.8 CVSS | 5.4 AI score | 0.02744 EPSS
Exploits: 0 | References: 3
Fedora
added 2013/07/24 3:34 a.m. | 16 views

[SECURITY] Fedora 18 Update: ruby-korundum-4.10.5-1.fc18

Ruby bindings for libraries created by the KDE community...

7.5 CVSS | 2.2 AI score | 0.04412 EPSS
Exploits: 1
RedHat Linux
added 2013/07/23 5:44 p.m. | 34 views

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0 (Grizzly). The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

6.8 CVSS | 7 AI score | 0.02744 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2013/07/23 5:44 p.m. | 3 views

ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

6.8 CVSS | 7 AI score | 0.05741 EPSS
Exploits: 4 | References: 5
0day.today
added 2013/07/23 12:0 a.m. | 81 views

Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability

This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...

6 CVSS | 7 AI score | 0.24782 EPSS
Exploits: 5
Tenable Nessus
added 2013/07/19 12:0 a.m. | 27 views

Oracle Linux 5 / 6 : ruby (ELSA-2013-1090)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1090 advisory. - Fix regression introduced by CVE-2013-4073 https://bugs.ruby-lang.org/issues/8575...

6.8 CVSS | 8.1 AI score | 0.02744 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2013/07/18 12:0 a.m. | 24 views

Scientific Linux Security Update : ruby on SL5.x, SL6.x i386/srpm/x86_64 (20130717)

A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to...

6.8 CVSS | 7.8 AI score | 0.02744 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2013/07/18 12:0 a.m. | 28 views

CentOS 5 / 6 : ruby (CESA-2013:1090)

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

6.8 CVSS | 7.8 AI score | 0.02744 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2013/07/18 12:0 a.m. | 33 views

RHEL 5 / 6 : ruby (RHSA-2013:1090)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1090 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks....

6.8 CVSS | 7.8 AI score | 0.02744 EPSS
Exploits: 0 | References: 6
Cent OS
added 2013/07/17 7:44 p.m. | 62 views

ruby security update

CentOS Errata and Security Advisory CESA-2013:1090. Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

6.8 CVSS | 7.1 AI score | 0.02744 EPSS
Exploits: 0 | References: 7
RedHat Linux
added 2013/07/17 7:13 p.m. | 34 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

6.8 CVSS | 7 AI score | 0.02744 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2013/07/17 7:13 p.m. | 3 views

ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

6.8 CVSS | 7 AI score | 0.05741 EPSS
Exploits: 4 | References: 5
Oracle linux
added 2013/07/17 12:0 a.m. | 43 views

ruby security update

1.8.7.352-12 - Fix regression introduced by CVE-2013-4073 https://bugs.ruby-lang.org/issues/8575 ruby-2.0.0-p255-Fix-SSL-client-connection-crash-for-SAN-marked-critical.patch - Related: rhbz979300 1.8.7.352-11 - hostname check bypassing vulnerability in SSL client...

6.8 CVSS | 0.3 AI score | 0.02744 EPSS
Exploits: 0
Fedora
added 2013/07/16 1:36 a.m. | 22 views

[SECURITY] Fedora 19 Update: ruby-2.0.0.247-14.fc19

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

6.8 CVSS | 1.1 AI score | 0.02744 EPSS
Exploits: 0
Tenable Nessus
added 2013/07/12 12:0 a.m. | 32 views

Oracle Linux 6 : ruby (ELSA-2013-0612)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0612 advisory. - escaping vulnerability about Exception#to_s / NameError#to_s ruby-1.8.7-p371-CVE-2012-4481.patch - Related: rhbz915379 Tenable has extracted the precedin...

5 CVSS | 8.3 AI score | 0.06617 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2013/07/12 12:0 a.m. | 33 views

Oracle Linux 5 : ruby (ELSA-2013-0611)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0611 advisory. 1.8.5-29 - Fix regression introduced by fix for entity expansion DOS vulnerability in REXML https://bugs.ruby-lang.org/issues/7961...

5 CVSS | 8.2 AI score | 0.06617 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2013/07/12 12:0 a.m. | 27 views

Oracle Linux 5 : ruby (ELSA-2011-0909)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0909 advisory. - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005...

7.5 CVSS | 6.8 AI score | 0.15973 EPSS
Exploits: 4 | References: 6